#!/bin/sh -e

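# Create a posixGroup entry in LDAP for a new group.
#
# Arguments: $1 - configuration name, passed to cl_slapd_config and
#                 ldap-getent-group
#            $2 - name of the group to create
# The new gid is one above the highest gid reported by local_getent_group
# and ldap-getent-group, raised to GID_MIN when lower and refused when above
# GID_MAX (both read from /etc/login.defs unless gid_min/gid_max are preset).
#
# fatal, message, cl_slapd_config and local_getent_group are not defined in
# this file; presumably cl-config provides them. fatal is assumed to exit.
. cl-config

[ "$#" -ge 2 ] || fatal "more arguments required"
config="$1"
group="$2"
shift 2

# The group name is written verbatim into a DN and into LDIF further down.
# Refuse an empty name, a leading '-', surrounding blanks, control characters
# (a newline would start a new LDIF line and so add attributes), the getent
# field separator ':' and the characters that are special inside a DN.
case "$group" in
    ''|-*|' '*|*' ')
        fatal "invalid group name"
        ;;
    *[[:cntrl:]]*|*,*|*+*|*\"*|*\\*|*\<*|*\>*|*\;*|*=*|*\#*|*:*)
        fatal "invalid group name"
        ;;
esac

cl_slapd_config "$config"

# check for name
# The first getent field is compared as a fixed string (-F) against the whole
# field (-x), so characters such as '.' in the name are not treated as regex
# operators. cut -s drops lines that have no ':' at all.
if local_getent_group "$group" | cut -s -f1 -d: | grep -qsxF -e "$group"; then
    fatal "same name already exists"
fi
if ldap-getent-group "$config" "$group" | cut -s -f1 -d: | grep -qsxF -e "$group"; then
    fatal "same name already exists"
fi

# calculate gid
# Highest gid in each source: third field, unique, numeric, descending.
local_gid_avail="$(local_getent_group | cut -f3 -d: | sort -unr | head -n1)"
ldap_gid_avail="$(ldap-getent-group "$config" | cut -f3 -d: | sort -unr | head -n1)"

# Anything other than digits would make the numeric tests and the arithmetic
# below misbehave, so stop here instead of computing a gid from it.
for highest in "$local_gid_avail" "$ldap_gid_avail"; do
    case "$highest" in
        *[!0-9]*) fatal "cannot determine highest gid" ;;
    esac
done

# An empty listing counts as 0, so an empty local result can no longer hide
# the LDAP maximum behind a failed numeric test.
gid_avail="${local_gid_avail:-0}"
if [ -n "$ldap_gid_avail" ] && [ "$gid_avail" -lt "$ldap_gid_avail" ]; then
    gid_avail="$ldap_gid_avail"
fi

gid_min="${gid_min:-$(sed -rn 's,^GID_MIN[[:space:]]+([^[:space:]]+),\1,p' /etc/login.defs)}"
gid_max="${gid_max:-$(sed -rn 's,^GID_MAX[[:space:]]+([^[:space:]]+),\1,p' /etc/login.defs)}"

# Without a usable upper bound the range check below cannot be trusted.
case "$gid_max" in
    ''|*[!0-9]*) fatal "cannot determine GID_MAX" ;;
esac

# NOTE(review): if either source lists a gid above GID_MAX, "highest + 1"
# always ends in the error below. Confirm whether the getent helpers filter
# such entries.
gid=$(( $gid_avail + 1 ))

[ "$gid" -le "$gid_max" ] || fatal "not free gid available"
# A missing GID_MIN is tolerated: the gid is then used as computed.
if [ -n "$gid_min" ] && [ "$gid" -lt "$gid_min" ]; then
    gid="$gid_min"
fi

message "using gid - $gid"

# edit ldap
# NOTE(review): the name and gid checks above and this add are not atomic, so
# two concurrent runs can pick the same gid. Uniqueness of gidNumber would
# have to be enforced by the directory (for example a uniqueness overlay);
# confirm how the deployment handles it.
# $bindpw is left unquoted, presumably because it holds an option together
# with its value. If that is "-w <password>", the secret is visible in the
# process list while ldapadd runs; a password file given with -y avoids that.
# binddn, bindpw and base are presumably set by cl_slapd_config; verify there.
# userPassword is the placeholder {crypt}x, which matches no password.
ldapadd -a -D "$binddn" $bindpw -x <<EOF
dn: cn=$group,ou=Group,$base
objectClass: posixGroup
objectClass: top
cn: $group
userPassword: {crypt}x
gidNumber: $gid
EOF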
